Read Time:22 Second

FEDORA-EPEL-2024-1b8e0ad5c2

Packages in this update:

roundcubemail-1.5.8-1.el9

Update description:

Version 1.5.8

Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010
Fix so install/update scripts do not require PEAR (#9037)

USN-7405-1: InspIRCd vulnerabilities

It was discovered that InspIRCd did not correctly handle certificate fingerprints, which could lead to spoofing. A remote attacker could...

April 2, 2025

USN-7404-1: phpseclib vulnerabilities

It was discovered that phpseclib did not correctly handle RSA PKCS#1 v1.5 signature verification. An attacker could possibly use this...

April 2, 2025

USN-7403-1: Linux kernel (HWE) vulnerabilities

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker...

April 1, 2025